Oracle WebLogic Server Deserialization RCE

Rajesh


CVE-2019–2729

Description

Oracle WebLogic Server is affected by a remote code execution vulnerability in its Web Services component, specifically the wls9_async_response.war and wls-wsat.war deployments, caused by unsafe deserialization of attacker-controlled XML through java.beans.XMLDecoder (it is not Java native serialization, despite how several scanners describe it). A remote, unauthenticated attacker can exploit the flaw by sending a crafted SOAP request over HTTP to the endpoints those packages expose and execute arbitrary code in the context of the WebLogic server process. CVE-2019-2729 is a bypass of the fix Oracle shipped for the earlier CVE-2019-2725 in the same component; Oracle's alert lists WebLogic Server 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 as affected.
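Detection logic that goes with the description above, as an added example that is not part of the original post or of the linked script: it classifies HTTP requests by whether they target the paths served by the two affected deployments and whether the body carries java.beans.XMLDecoder markup. The endpoint paths, the indicator element set, the WorkContext header check and the sample requests are this example's own assumptions, and the sample traffic is constructed rather than captured.

```python
"""Classify HTTP requests aimed at the WebLogic web-service endpoints that
CVE-2019-2725/2729 target, flagging bodies that carry XMLDecoder markup.
Added example for this post; endpoint list and indicators are assumptions."""
import re
from dataclasses import dataclass, field
from typing import List

# Paths served by the two affected deployments (wls9_async_response.war serves
# /_async/*, wls-wsat.war serves /wls-wsat/*). Assumed for this example.
AFFECTED_PATH_PREFIXES = ("/_async/", "/wls-wsat/")

# Element names of java.beans.XMLDecoder's document format. The flaw is that
# the server hands SOAP content to XMLDecoder, so these tags arriving at the
# endpoints above are the indicator this example keys on.
XMLDECODER_ELEMENTS = ("java", "object", "void", "class", "array", "string")

_ELEMENT_RE = re.compile(r"<\s*(" + "|".join(XMLDECODER_ELEMENTS) + r")\b",
                         re.IGNORECASE)
# Public write-ups of CVE-2019-2725 describe the payload arriving inside a
# WorkContext SOAP header; treated here as a supporting indicator only.
_WORKCONTEXT_RE = re.compile(r"<\s*(?:\w+:)?WorkContext\b", re.IGNORECASE)


@dataclass
class Verdict:
    severity: str                      # "none", "low", "medium" or "high"
    reasons: List[str] = field(default_factory=list)


def xmldecoder_elements(body: str) -> List[str]:
    """Distinct XMLDecoder element names present in a request body."""
    return sorted({m.group(1).lower() for m in _ELEMENT_RE.finditer(body)})


def classify_request(method: str, path: str, body: str = "") -> Verdict:
    v = Verdict("none")
    if not path.startswith(AFFECTED_PATH_PREFIXES):
        return v                       # not one of the affected deployments
    v.reasons.append(f"request to affected endpoint {path}")
    v.severity = "low"                 # recon, e.g. fetching the service page
    if method.upper() != "POST":
        return v
    if _WORKCONTEXT_RE.search(body):
        v.reasons.append("WorkContext SOAP header present")
        v.severity = "medium"
    tags = xmldecoder_elements(body)
    if tags:
        v.reasons.append("XMLDecoder elements in body: " + ", ".join(tags))
        v.severity = "high"
    return v


def classify_all(requests):
    return [classify_request(*r) for r in requests]


# Constructed sample traffic (not real captures). The probe body carries
# XMLDecoder markup wrapping a harmless string, no command of any kind.
SAMPLE_PROBE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">'
    '<java version="1.8.0" class="java.beans.XMLDecoder">'
    '<void class="java.lang.String"><string>probe</string></void>'
    '</java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
)
SAMPLE_BENIGN = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soapenv:Header/><soapenv:Body><ns:Register xmlns:ns="urn:example"/>'
    '</soapenv:Body></soapenv:Envelope>'
)
SAMPLE_REQUESTS = [
    ("GET", "/_async/AsyncResponseService", ""),
    ("POST", "/wls-wsat/CoordinatorPortType", SAMPLE_BENIGN),
    ("POST", "/wls-wsat/CoordinatorPortType", SAMPLE_PROBE),
    ("POST", "/shop/api/order", SAMPLE_PROBE),
]

if __name__ == "__main__":
    for (method, path, _), verdict in zip(SAMPLE_REQUESTS,
                                          classify_all(SAMPLE_REQUESTS)):
        print(f"{verdict.severity:6} {method} {path}  {'; '.join(verdict.reasons)}")
```

The severity ladder is deliberate: plain GETs to the service pages are ordinary recon and only worth a note, a POST with a WorkContext header is unusual enough to look at, and XMLDecoder tags in a body headed for these paths have no legitimate reason to be there. Feeding the same classifier with requests to a non-WebLogic path yields "none", which keeps the rule from firing on unrelated XML traffic.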

Tools: Python, Nmap, Nessus

Python Script: https://github.com/rootedshell/Weblogic

Proof of Concept

Solution

Apply the patches listed in Oracle's Security Alert for CVE-2019-2729:

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html

Where patching has to wait, a widely used interim mitigation is to remove or disable the wls9_async_response.war and wls-wsat.war deployments, or to restrict access to the /_async/* and /wls-wsat/* paths, and then restart the server. This removes the vulnerable endpoints at the cost of the asynchronous web service and WS-AtomicTransaction functionality they provide, so confirm nothing depends on them first.

Reference

Tenable Nessus plugin 126262: https://www.tenable.com/plugins/nessus/126262
